00001 <?
00031 include_once("constant.php");
00032
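/**
 * Application user: identity taken from the session (or loaded by id),
 * credential check against ac_users, and per-user access rights and
 * preferences.
 *
 * Two connections are used by the original code and kept here: DbConnect()
 * for queries on ac_users / user_global_pref, and the connection handed to
 * the constructor ($this->db) or to a method ($p_cn) for the other tables.
 *
 * NOTE(security): the clear-text password is read from $_SESSION['g_pass']
 * and compared as an unsalted MD5 digest. Moving to password_hash() /
 * password_verify() needs a migration of the stored hashes and of the login
 * page, so it is flagged here rather than changed.
 */
class cl_user {
    var $id;
    var $pass;
    var $db;
    var $admin;
    var $valid;
    // These were assigned but never declared; declaring them avoids
    // dynamic-property deprecations on recent PHP versions.
    var $theme;
    var $name;
    var $first_name;
    var $active;
    var $login;

    /**
     * Build the user from the session, or from ac_users when an id is given.
     *
     * @param mixed $p_cn database connection kept in $this->db
     * @param int   $p_id use_id to load, or -1 to use the session values
     */
    function __construct($p_cn, $p_id = -1)
    {
        $this->db = $p_cn;

        if ($p_id == -1) {
            $l_user = isset($_SESSION['g_user']) ? $_SESSION['g_user'] : null;
            echo_debug('class_user.php', __LINE__, " g_user = " . $l_user);
            $this->id = $l_user;
            $this->pass = isset($_SESSION['g_pass']) ? $_SESSION['g_pass'] : null;
            $this->valid = isset($_SESSION['isValid']) ? 1 : 0;
            $this->admin = isset($_SESSION['use_admin']) ? $_SESSION['use_admin'] : 0;

            if (isset($_SESSION['g_theme'])) {
                $this->theme = $_SESSION['g_theme'];
            }
            if (isset($_SESSION['use_name'])) {
                $this->name = $_SESSION['use_name'];
            }
            if (isset($_SESSION['use_first_name'])) {
                $this->first_name = $_SESSION['use_first_name'];
            }
            return;
        }

        // NOTE(review): in this mode $this->id holds the numeric use_id,
        // while the other methods compare $this->id with login columns.
        // Confirm which callers rely on that.
        $this->id = $p_id;

        // The original statement had a stray comma before "from", which made
        // it a syntax error; the id is now bound instead of interpolated.
        $Sql = 'select use_first_name,
                       use_name,
                       use_login,
                       use_active,
                       use_admin
                  from ac_users
                 where use_id=$1';
        $cn = DbConnect();
        if ($cn == false) {
            return;
        }
        $Res = pg_query_params($cn, $Sql, array((int) $p_id));
        if ($Res == false || pg_NumRows($Res) == 0) {
            return;
        }
        $row = pg_fetch_array($Res, 0);
        $this->first_name = $row['use_first_name'];
        $this->name = $row['use_name'];
        $this->active = $row['use_active'];
        $this->login = $row['use_login'];
        $this->admin = $row['use_admin'];
    }

    /**
     * Old-style constructor name, kept so that code calling it explicitly
     * (and PHP versions that still treat it as the constructor) keep working.
     */
    function cl_user($p_cn, $p_id = -1)
    {
        $this->__construct($p_cn, $p_id);
    }

    /**
     * Quote-safe form of a value for use inside a single-quoted SQL literal.
     *
     * Used where the statement has to stay a plain string because it goes
     * through the project's ExecSql() / CountSql() helpers.
     *
     * @param mixed $p_cn    connection the statement will run on
     * @param mixed $p_value value to escape
     * @return string escaped text, without the surrounding quotes
     */
    function escape_text($p_cn, $p_value)
    {
        $l_value = (string) $p_value;
        if (is_resource($p_cn) || is_object($p_cn)) {
            return pg_escape_string($p_cn, $l_value);
        }
        return pg_escape_string($l_value);
    }

    /**
     * Verify login and password against ac_users.
     *
     * On success the session and the object receive the user's name and
     * admin flag and the global preferences are loaded. On failure an error
     * page is printed, the session variables are cleared and the script ends.
     *
     * @return mixed nothing when the session is already marked valid,
     *               otherwise the query result
     */
    function Check()
    {
        if ($this->valid == 1) {
            return;
        }

        $res = 0;
        $ret = null;
        // NOTE(security): unsalted MD5, see the class comment.
        $pass5 = md5((string) $this->pass);
        $cn = DbConnect();
        if ($cn != false) {
            // Login and digest are bound as parameters, so neither can alter
            // the statement and the debug line below no longer contains them.
            $sql = 'select ac_users.use_login,ac_users.use_active, ac_users.use_pass,
                           use_admin,use_first_name,use_name
                      from ac_users
                     where ac_users.use_login=$1
                       and ac_users.use_active=1
                       and ac_users.use_pass=$2';
            echo_debug('class_user.php', __LINE__, "Sql = $sql");
            $ret = pg_query_params($cn, $sql, array((string) $this->id, $pass5));
            $res = ($ret == false) ? 0 : pg_NumRows($ret);
            echo_debug('class_user.php', __LINE__, "Number of found rows : $res");
            if ($res > 0) {
                $r = pg_fetch_array($ret, 0);
                $_SESSION['use_admin'] = $r['use_admin'];
                $_SESSION['use_name'] = $r['use_name'];
                $_SESSION['use_first_name'] = $r['use_first_name'];

                $this->admin = $_SESSION['use_admin'];
                $this->name = $_SESSION['use_name'];
                $this->first_name = $_SESSION['use_first_name'];
                $this->GetGlobalPref();
            }
        }

        if ($res == 0) {
            echo '<META HTTP-EQUIV="REFRESH" content="4;url=index.html">';
            echo "<BR><BR><BR><BR><BR><BR>";
            echo "<P ALIGN=center><BLINK>
<FONT size=+12 COLOR=RED>
Invalid user <BR> or<BR> Invalid password
</FONT></BLINK></P></BODY></HTML>";
            // NOTE(review): this clears the variables but keeps the session
            // id; the id is not rotated after a successful login either.
            session_unset();

            // "exit -1" parsed as "exit" minus 1; same form as AccessRequest().
            exit(-1);
        }

        $this->valid = 1;

        return $ret;
    }

    /**
     * Not implemented in the original source.
     */
    function getJrn()
    {
    }

    /**
     * Refresh and return the administrator flag.
     *
     * NOTE(security): the login 'phpcompta' is treated as administrator
     * without consulting ac_users. That is only safe if Check() has already
     * authenticated the session; confirm every caller does so.
     *
     * @return int 1 for an administrator, otherwise the row count found (0)
     */
    function Admin()
    {
        // Strict comparison on the string form: with a loose "!=" a numeric
        // id of 0 compares equal to any non-numeric string before PHP 8.
        if ((string) $this->id === 'phpcompta') {
            $this->admin = 1;
            return $this->admin;
        }

        $cn = DbConnect();
        if ($cn == false) {
            // No connection: deny rather than query with an invalid handle.
            $this->admin = 0;
            return $this->admin;
        }

        $pass5 = md5((string) $this->pass);
        $sql = "select use_id from ac_users where use_login='" . $this->escape_text($cn, $this->id) . "'
                and use_active=1 and use_admin=1 and use_pass='" . $this->escape_text($cn, $pass5) . "'";

        $this->admin = CountSql($cn, $sql);

        return $this->admin;
    }

    /**
     * Tell whether the user may read or write a journal.
     *
     * @param mixed $p_cn     connection holding user_sec_jrn
     * @param int   $p_jrn_id journal id
     * @return bool true for administrators and for users with an R or W right
     */
    function AccessJrn($p_cn, $p_jrn_id)
    {
        $this->Admin();
        if ($this->admin == 1) {
            return true;
        }
        $l_count = CountSql($p_cn, "select uj_id
                       from user_sec_jrn
                       where
                       uj_priv in ('R','W')
                       and uj_jrn_id=" . (int) $p_jrn_id .
                       " and uj_login = '" . $this->escape_text($p_cn, $this->id) . "'");

        return ($l_count != 0);
    }

    /**
     * Store the user's current period.
     *
     * @param mixed $p_periode period id, stored as text in parameter_value
     */
    function SetPeriode($p_periode)
    {
        $sql = "update user_local_pref set parameter_value='" . $this->escape_text($this->db, $p_periode) .
               "' where user_id='" . $this->escape_text($this->db, $this->id) . "' and parameter_type='PERIODE'";
        $Res = ExecSql($this->db, $sql);
    }

    /**
     * Return the user's current period.
     *
     * @return mixed the PERIODE preference, or null when there is none
     */
    function GetPeriode()
    {
        $array = $this->GetPreferences();
        return isset($array['PERIODE']) ? $array['PERIODE'] : null;
    }

    /**
     * Read the user's local preferences, creating the PERIODE entry from the
     * first open period when the user has none yet.
     *
     * @return array preferences indexed by parameter_type
     */
    function GetPreferences()
    {
        $l_id = $this->escape_text($this->db, $this->id);
        $sql = "select parameter_type,parameter_value from user_local_pref where user_id='" . $l_id . "'";
        $Res = ExecSql($this->db, $sql);
        if (pg_NumRows($Res) == 0) {
            $l_insert = "insert into user_local_pref (user_id,parameter_value,parameter_type)
                select '" . $l_id . "',min(p_id),'PERIODE' from parm_periode where p_closed=false";
            ExecSql($this->db, $l_insert);

            // Read once more instead of recursing, so a failed insert cannot
            // recurse without end.
            $Res = ExecSql($this->db, $sql);
        }

        $l_array = array();
        $Max = pg_NumRows($Res);
        for ($i = 0; $i < $Max; $i++) {
            // The original always fetched row 0, so only one preference was
            // ever returned.
            $row = pg_fetch_array($Res, $i);
            $type = $row['parameter_type'];
            $l_array[$type] = $row['parameter_value'];
        }
        return $l_array;
    }

    /**
     * Tell whether the user may perform an action.
     *
     * @param mixed $p_cn        connection holding user_sec_act
     * @param int   $p_action_id action id
     * @return int 1 when allowed, 0 otherwise
     */
    function CheckAction($p_cn, $p_action_id)
    {
        if ($this->admin == 1) {
            return 1;
        }

        $Res = ExecSql($p_cn, "select * from user_sec_act where ua_login='" .
                       $this->escape_text($p_cn, $this->id) . "' and ua_act_id=" . (int) $p_action_id);
        $Count = pg_NumRows($Res);
        if ($Count == 1) {
            return 1;
        }
        if ($Count != 0) {
            // The original printed the SQL text (with an undefined $p_login)
            // into the page and returned nothing.
            echo "<H2 class=\"error\"> Invalid action !!! $Count </H2>";
        }
        // Anything other than exactly one matching row is a refusal.
        return 0;
    }

    /**
     * Load the global preferences (theme, page size) into the session,
     * inserting defaults for those that are missing.
     */
    function GetGlobalPref()
    {
        echo_debug('class_user.php', __LINE__, "function GetGlobalPref");
        $cn = DbConnect();

        $array_pref = array('g_theme' => 'THEME', 'g_pagesize' => 'PAGESIZE');

        // The original re-entered itself after each insert; a bounded number
        // of passes gives the same result without unbounded recursion when an
        // insert does not take effect.
        $l_max_pass = count($array_pref) + 1;
        for ($l_pass = 0; $l_pass < $l_max_pass; $l_pass++) {
            $Res = ExecSql($cn, "select parameter_type,parameter_value from
                        user_global_pref
                        where user_id='" . $this->escape_text($cn, $this->id) . "'");
            $Max = pg_NumRows($Res);
            if ($Max == 0) {
                $this->insert_default_global_pref();
                continue;
            }

            $line = array();
            for ($i = 0; $i < $Max; $i++) {
                $row = pg_fetch_array($Res, $i);
                $type = $row['parameter_type'];
                $line[$type] = $row['parameter_value'];
            }

            $l_missing = false;
            foreach ($array_pref as $name => $parameter) {
                if (!isset($line[$parameter])) {
                    // Same three-argument form as every other echo_debug call.
                    echo_debug('class_user.php', __LINE__, "Missing pref : " . $parameter);
                    $this->insert_default_global_pref($parameter);
                    $l_missing = true;
                    break;
                }
                $_SESSION[$name] = $line[$parameter];
            }
            if (!$l_missing) {
                return;
            }
        }
    }

    /**
     * Insert global preferences for the user.
     *
     * @param string $p_type  preference to insert; empty inserts all defaults
     * @param string $p_value value to store; empty uses the default for $p_type
     */
    function insert_default_global_pref($p_type = "", $p_value = "")
    {
        echo_debug('class_user.php', __LINE__, "function insert_default_global_pref");
        echo_debug('class_user.php', __LINE__, "parameter p_type $p_type p_value $p_value");

        $default_parameter = array("THEME" => "Light",
                                   "PAGESIZE" => "50");
        $cn = DbConnect();
        $Sql = "insert into user_global_pref(user_id,parameter_type,parameter_value)
                values ('%s','%s','%s')";
        $l_id = $this->escape_text($cn, $this->id);

        if ((string) $p_type === '') {
            foreach ($default_parameter as $name => $value) {
                $Insert = sprintf($Sql, $l_id, $this->escape_text($cn, $name), $this->escape_text($cn, $value));
                ExecSql($cn, $Insert);
            }
            return;
        }

        if ((string) $p_value === '') {
            // Unknown types have no default; store an empty value as before.
            $value = isset($default_parameter[$p_type]) ? $default_parameter[$p_type] : '';
        } else {
            $value = $p_value;
        }
        $Insert = sprintf($Sql, $l_id, $this->escape_text($cn, $p_type), $this->escape_text($cn, $value));
        ExecSql($cn, $Insert);
    }

    /**
     * Update one global preference of the user.
     *
     * @param string $p_type  preference to update
     * @param string $p_value new value; empty uses the default for $p_type
     */
    function update_global_pref($p_type, $p_value = "")
    {
        $default_parameter = array("THEME" => "Light",
                                   "PAGESIZE" => "50");
        $cn = DbConnect();
        $Sql = "update user_global_pref set parameter_value='%s'
                where parameter_type='%s' and
                user_id='%s'";
        if ((string) $p_value === '') {
            $value = isset($default_parameter[$p_type]) ? $default_parameter[$p_type] : '';
        } else {
            $value = $p_value;
        }
        $Update = sprintf(
            $Sql,
            $this->escape_text($cn, $value),
            $this->escape_text($cn, $p_type),
            $this->escape_text($cn, $this->id)
        );
        ExecSql($cn, $Update);
    }

    /**
     * Return the exercice of the user's current period.
     *
     * @return mixed p_exercice of that period, or null when it is not found
     */
    function getExercice()
    {
        // The period comes back from a text column; cast it before it goes
        // into the statement. Assumes p_id is an integer key - TODO confirm.
        $sql = "select p_exercice from parm_periode where p_id=" . (int) $this->GetPeriode();
        $Ret = ExecSql($this->db, $sql);
        if ($Ret == false || pg_NumRows($Ret) == 0) {
            return null;
        }
        $r = pg_fetch_array($Ret, 0);
        return $r['p_exercice'];
    }

    /**
     * Stop the script with a message when the user may not perform an action.
     *
     * @param mixed $p_cn     connection holding user_sec_act
     * @param int   $p_action action id
     */
    function AccessRequest($p_cn, $p_action)
    {
        if ($this->CheckAction($p_cn, $p_action) == 0) {
            echo "<script>";
            echo "alert ('Cette action ne vous est pas autorisée. Contactez votre responsable');";
            echo "</script>";
            exit(-1);
        }
    }
}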
00369 ?>